[syslog-ng] [PATCH 1/2] [dbparser] inherit nvpairs from parent in correlation action
balint.kovacs at balabit.com
balint.kovacs at balabit.com
Fri Nov 9 15:28:20 CET 2012
From: Balint Kovacs <blint at blint.hu>
This patch implements an inherit-name-value-pairs attribute for
message type actions is patterndb correlation. In case this is set to
TRUE, the triggering log message is cloned and all name-value pairs
are automagically copied to the emitted message. The values set in the
values XML subtree overwrite the original values. In case it is set to
FALSE or unspecified, a new message is generated and only the values
set manually are added to it.
<actions>
<action>
<message inherit-name-value-pairs='TRUE'>
<values>
<value name="PROGRAM">my-program-name</value>
<value name="MSG">Hello new message!</value>
<value name="contextid">${session-id}@2</value>
</values>
</message>
</action>
</actions>
Signed-off-by: Balint Kovacs <blint at blint.hu>
---
modules/dbparser/patterndb-int.h | 1 +
modules/dbparser/patterndb.c | 32 +++++++++++++++++++++++++++++---
2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/modules/dbparser/patterndb-int.h b/modules/dbparser/patterndb-int.h
index 0434847..154b686 100644
--- a/modules/dbparser/patterndb-int.h
+++ b/modules/dbparser/patterndb-int.h
@@ -126,6 +126,7 @@ typedef struct _PDBAction
guint8 content_type;
guint16 rate;
guint32 id:8, rate_quantum:24;
+ gboolean inherit_nvpairs;
union
{
PDBMessage message;
diff --git a/modules/dbparser/patterndb.c b/modules/dbparser/patterndb.c
index 8720ea0..168a24c 100644
--- a/modules/dbparser/patterndb.c
+++ b/modules/dbparser/patterndb.c
@@ -388,6 +388,17 @@ pdb_action_set_trigger(PDBAction *self, const gchar *trigger, GError **error)
g_set_error(error, 0, 1, "Unknown trigger type: %s", trigger);
}
+void
+pdb_action_set_inheritance(PDBAction *self, const gchar *inherit_nvpairs, GError **error)
+{
+ if (strcmp(inherit_nvpairs, "TRUE") == 0)
+ self->inherit_nvpairs = TRUE;
+ else if (strcmp(inherit_nvpairs, "FALSE") == 0)
+ self->inherit_nvpairs = FALSE;
+ else
+ g_set_error(error, 0, 1, "Unknown inheritance type: %s", inherit_nvpairs);
+}
+
PDBAction *
pdb_action_new(gint id)
{
@@ -398,6 +409,7 @@ pdb_action_new(gint id)
self->trigger = RAT_MATCH;
self->content_type = RAC_NONE;
self->id = id;
+ self->inherit_nvpairs = FALSE;
return self;
}
@@ -552,9 +564,18 @@ pdb_rule_run_actions(PDBRule *self, gint trigger, PatternDB *db, PDBContext *con
case RAC_NONE:
break;
case RAC_MESSAGE:
- genmsg = log_msg_new_empty();
- genmsg->flags |= LF_LOCAL;
- genmsg->timestamps[LM_TS_STAMP] = msg->timestamps[LM_TS_STAMP];
+ if (action->inherit_nvpairs)
+ {
+ LogPathOptions path_options = LOG_PATH_OPTIONS_INIT;
+ path_options.ack_needed = FALSE;
+ genmsg = log_msg_clone_cow(msg, &path_options);
+ }
+ else
+ {
+ genmsg = log_msg_new_empty();
+ genmsg->flags |= LF_LOCAL;
+ genmsg->timestamps[LM_TS_STAMP] = msg->timestamps[LM_TS_STAMP];
+ }
if (context)
{
switch (context->key.scope)
@@ -942,6 +963,11 @@ pdb_loader_start_element(GMarkupParseContext *context, const gchar *element_name
}
else if (strcmp(element_name, "message") == 0)
{
+ for (i = 0; attribute_names[i]; i++)
+ {
+ if (strcmp(attribute_names[i], "inherit-name-value-pairs") == 0)
+ pdb_action_set_inheritance(state->current_action, attribute_values[i], error);
+ }
if (!state->in_action)
{
*error = g_error_new(1, 0, "Unexpected <message> element, it must be inside an action");
--
1.7.9.5
More information about the syslog-ng
mailing list